Netify Agent - Open Source
The Netify Agent - netifyd - does one thing and one thing very well: network analysis using deep packet inspection. It does not firewall traffic and it does not shape traffic - that job is left to other tools that can integrated with the agent. The features of netifyd agent are described below.
The source code is ready to use on various popular Linux distributions, FreeBSD, OpenWRT, Raspberry Pi and more.
If you're a technical guy, you can find all the source code on Netify's GitLab project page. If you are a veteran technical guy and know about the old l7-filter (Layer 7) project, you might find the l7-filter vs netifyd document a good place to start.
Netifyd Agent Features
Deep Packet Inspection
Provides deep packet inspection and network analysis powered by Netify and the open source nDPI engine.
Modern DPI that detects over 160 protocols including BitTorrent, VPNs, Proxies, VoIP and many others.
Runs on big iron as well as embedded systems including the Raspberry Pi and OpenWRT devices.
Unpacks DNS, DHCP, SSL, HTTP and other requests so you can log all hostname lookups on your network. Catch hostname traffic flowing on alternate TCP/UDP ports.
Firewall and QoS Hooks
Provides flow data in JSON format via Netifyd's socket -- this can be used to provide hooks into firewalls and QoS engines.
Detects apps like Facebook, Twitter, YouTube, Netflix etc. by deconstructing SSL certificates to extract both the certificate domain name, as well as the SNI hostname.
Detects SSL/TLS cipher versions in use so you can catch weak spots on your network.
User Agent Extraction
Extracts user agent information to help provide details about devices on your network.
Netflow and Bandwidth
Standard Netflow data is provided: source and destination IPs, MACs, Layer 4 protocols, IP version, packet counters, byte counters and more.